Definition of the word “Phish”
Commit fraud to get financial information: to trick somebody into providing bank or credit-card information by sending a fraudulent e-mail purporting to be from a bank, Internet provider, etc., asking for verification of an account number or password.
Another definition of Phishing is a fraudulent attempt, usually made through email, to steal your personal information.
Phishing through e-mail
Phishing emails usually appear to come from a well-known organization and ask you to enter your personal information — such as credit card number, account number, social security number or password.

In order for Internet criminals to successfully “phish” your personal information, they must get you to go from an email to a website. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Please remember that legitimate organizations would never request this information from you via email.
Link manipulation
Most methods of phishing use some form of technical deception designed to make a link in an e-mail appear to belong to the spoofed organization. Misspelled URLs or the use of sub-domains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the “yourbank” (i.e. phishing) section of the example website. Another common trick is to make the anchor text for a link appear to be valid, when the link actually goes to the phishers’ site. The following example link, http://en.wikipedia.org/wiki/Genuine, appears to take you to an article entitled “Genuine”; clicking on it will in fact take you to the article entitled “Deception”.
Source: www.wikipedia.org
Phishing through Website

How to identify whether a website is a phishing site
- Poor resolution. Phishing websites are often poor in quality, since they are created with urgency and have a short lifespan. If the resolution on a logo or in text strikes you as poor, be suspicious.
- Forged URL. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Read URLs from right to left — the real domain is at the end of the URL. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed. Look out for URLs that begin with an IP address, such as: http://18.24.58.178/firstgenericbank/account-update/ — these are likely phishes.
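
The link checks described under "Link manipulation" and "Forged URL" can be automated, for example in a mail filter. The following Python sketch is an added example, not part of the original post; the function names, the caller-supplied expected domain and the "last two labels" rule for finding the real domain are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def check_url(url, expected_domain):
    """Warnings for url, given the domain the real organization uses (caller-supplied)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = [] if parts.scheme == "https" else ["not-https"]
    try:
        ipaddress.ip_address(host)          # host is a bare IP address, not a name
        return warnings + ["ip-address-host"]
    except ValueError:
        pass
    # Read the host name right to left. Simplification (assumption): the last two
    # labels are the real domain; production code should use the Public Suffix List.
    labels = host.split(".")
    if ".".join(labels[-2:]) != expected_domain:
        warnings.append("wrong-domain")
        if expected_domain.split(".")[0] in labels[:-2]:
            warnings.append("brand-in-subdomain")   # e.g. yourbank.example.com
    return warnings

class _LinkAudit(HTMLParser):
    """Records links whose visible text is itself a URL that differs from the href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, actual = urlsplit(self.text.strip()), urlsplit(self.href)
            if shown.hostname and (shown.hostname, shown.path) != (actual.hostname, actual.path):
                self.mismatches.append((self.text.strip(), self.href))
            self.href = None

def mismatched_links(html):
    """Return (visible text, real href) pairs for deceptive anchors in an HTML body."""
    audit = _LinkAudit()
    audit.feed(html)
    audit.close()
    return audit.mismatches
```

Calling `check_url("http://www.yourbank.example.com/", "yourbank.com")` reports the sub-domain trick, and `mismatched_links` flags an anchor whose visible URL is not the one it actually opens.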
You can report a phishing website at http://www.phishtank.com/index.php
Phishing through social networking sites (e.g. myspace.com)
Social networking sites are now a prime target of phishing, since the personal details in such sites can be used in identity theft; in late 2006 a computer worm took over pages on MySpace and altered links to direct surfers to websites designed to steal login details. Experiments show a success rate of over 70% for phishing attacks on social networks.
The RapidShare file sharing site has been targeted by phishing to obtain a premium account, which removes speed caps on downloads, auto-removal of uploads, waits on downloads, and cooldown times between downloads.